Cloud Threat Landscape

Ivanti Connect Secure targeting campaign

Type
Campaign
Actors
UNC5221
Pub. date
January 10, 2024
Initial access
0-day vulnerability
Impact
Unknown
Observed tools
PySoxy, LIGHTWIRE, THINSPOOL, WARPWIRE, WIREFIRE, enum4Linux, ZIPLINE, BUSHWALK, CHAINLINE, FRAMESTING, Impacket, CrackMapExec, iodine, DSLog
Targeted technologies
Ivanti Connect Secure VPN
References
https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways
https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day
https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation
https://quointelligence.eu/2024/01/unc5221-unreported-and-undetected-wirefire-web-shell-variant/
https://www.synacktiv.com/publications/krustyloader-rust-malware-linked-to-ivanti-connectsecure-compromises
https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/
https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/
https://www.orangecyberdefense.com/global/blog/research/ivanti-connect-secure-journey-to-the-core-of-the-dslog-backdoor
https://therecord.media/cisa-takes-two-systems-offline-following-ivanti-compromise
Status
Stub
Last edited
Jun 2, 2024 8:02 AM


Last Updated: April 3, 2025